User authentication in Django

The Django authentication system handles both authentication and authorization. Briefly, authentication verifies a user is who they claim to be, and authorization determines what an authenticated user is allowed to do. Here the term authentication is used to refer to both tasks.

The auth system consists of:

• Users
• Permissions: Binary (yes/no) flags designating whether a user may perform a certain task.
• Groups: A generic way of applying labels and permissions to more than one user.
• Forms and view tools for logging in users, or restricting content
• A pluggable backend system

• Password strength checking
• Throttling of login attempts
• Authentication against third-parties (OAuth, for example)
• Object-level permissions

Authentication support is bundled as a Django contrib module in . By default, the required configuration is already included in the settings.py generated by django-admin startproject, these consist of two items listed in your setting:

1. 'django.contrib.contenttypes' is the Django content type system, which allows permissions to be associated with models you create.

and these items in your setting:

1. SessionMiddleware manages across requests.
2. AuthenticationMiddleware associates users with requests using sessions.

• Working with User objects
• Authentication in web requests

Password management in Django